Merge pull request #1 from SEPIA-Framework/dev

Update to v0.3.0:
- SSL support
- Settings file to configure server and path forwarding
- IP filter for each path to allow/restrict access from public servers

Author: fquirin

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>net.b07z.sepia.proxies</groupId>
 	<artifactId>sepia-reverse-proxy</artifactId>
-	<version>0.1.0</version>
+	<version>0.3.0</version>
 	<packaging>jar</packaging>
 
     <properties>
@@ -20,13 +20,13 @@
 				<executions>
 					<execution>
 						<id>copy-dependencies</id>
-						<phase>prepare-package</phase>
+						<phase>install</phase>
 						<goals>
 							<goal>copy-dependencies</goal>
 						</goals>
 						<configuration>
 							<outputDirectory>
-								${project.build.directory}/libs
+								${project.build.directory}/build/libs
 							</outputDirectory>
 						</configuration>
 					</execution>
@@ -49,6 +49,46 @@
 					<finalName>sepia-reverse-proxy-v${project.version}</finalName>
 				</configuration>
 			</plugin>
+			<plugin>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.1.0</version>
+				<executions>
+					<execution>
+						<id>copy-resources-1</id>
+						<phase>install</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>${project.build.directory}/build/settings</outputDirectory>
+							<resources>          
+								<resource>
+									<directory>settings</directory>
+									<!--<filtering>true</filtering>-->
+								</resource>
+							</resources>              
+						</configuration>            
+					</execution>
+					<execution>
+						<id>copy-resources-2</id>
+						<phase>install</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>${project.build.directory}/build</outputDirectory>
+							<resources>          
+								<resource>
+									<directory>${project.build.directory}</directory>
+									<includes>
+										<include>*.jar</include>
+									</includes>
+								</resource>
+							</resources>              
+						</configuration>            
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 
@@ -58,5 +98,11 @@
 	    	<artifactId>undertow-core</artifactId>
 			<version>2.0.1.Final</version>
 		</dependency>
+		
+		<dependency>
+	        <groupId>org.slf4j</groupId>
+	        <artifactId>slf4j-simple</artifactId>
+	        <version>1.7.21</version>
+	    </dependency>
   	</dependencies>
 </project>

settings/proxy.properties

@@ -0,0 +1,25 @@
+# Entries have to be of format: action_type_name, e.g.: redirect_path_1
+# Redirects must have 3 types per name: path, target, public
+# NOTE: The name "redirect" has to be understood in the context of proxy forwarding not 30x redirect ^^. 
+
+# SEPIA defaults for custom-bundle:
+
+# host=localhost
+host=0.0.0.0
+port=20726
+
+ssl_keystore=../letsencrypt/sepia-proxy-keystore.jks
+ssl_keystore_pwd=noextrapwdhere
+ssl_support_http=false
+	
+redirect_path_1=/sepia/assist
+redirect_target_1=http://localhost:20721
+redirect_public_1=true
+
+redirect_path_2=/sepia/teach
+redirect_target_2=http://localhost:20722
+redirect_public_2=true
+
+redirect_path_3=/sepia/chat
+redirect_target_3=http://localhost:20723
+redirect_public_3=true

src/main/java/net/b07z/sepia/proxies/Start.java

@@ -1,62 +1,161 @@
 package net.b07z.sepia.proxies;
 
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.net.ssl.SSLContext;
+
+import net.b07z.sepia.proxies.security.SSLContextBuilder;
+
 /**
  * Command-line interface to start a proxy.
  * 
  * @author Florian Quirin
  *
  */
 public class Start {
-
+	
+	//Overwrite JBoss logger
+	//private static Logger logger;
+	static{
+		System.setProperty("org.jboss.logging.provider", "slf4j");
+		//logger = LoggerFactory.getLogger(Start.class);
+	}
+	
+	//Defaults
+	private static String host = "localhost";
+	private static int port = 20726;
+	private static boolean ssl = false;
+	private static boolean sslSupportHttp = false;
+	private static String sslKeystore = "";
+	private static String sslKeystorePwd = "";
+	
+	private static String SETTINGS_FILE = "settings/proxy.properties";
+	
+	//Command-line parameters have priority
+	private static boolean ignoreSettingsHost = false;
+	private static boolean ignoreSettingsPort = false;
+	
+	public static void info(String msg){
+		System.out.println(msg);
+	}
+	public static void error(String msg){
+		//logger.error(msg);
+		System.out.println(msg);
+	}
+	
 	/**
 	 * Run a proxy.
 	 * @param args
 	 * @throws Exception 
 	 */
 	public static void main(String[] args) throws Exception {
+
 		String proxy = "";
 
+		//Check if arguments are given
+		if (args == null || args.length == 0){
+			error("Missing proxy-name to run, e.g. 'tiny'.");
+			help();
+			System.exit(1);
+		}
+		
 		//Proxy to run:
 		if (args[0].equals("tiny")){
 			proxy = "tiny";
-			
-			//default
-			int port = 20726;
-			String host = "localhost";
+			info("Starting tiny proxy ...");
 
 			for (String arg : args){
 				//Port
 				if (arg.startsWith("-port=")){
 					port = Integer.parseInt(arg.replaceFirst(".*?=", "").trim());
+					ignoreSettingsPort = true;
 
 				//Host
 				}else if (arg.startsWith("-host=")){
 					host = arg.replaceFirst(".*?=", "").trim();
+					ignoreSettingsHost = true;
+					
+				//SSL
+				}else if (arg.startsWith("-ssl=")){
+					ssl = Boolean.parseBoolean(arg.replaceFirst(".*?=", "").trim());
 
 				//Paths
 				}else if (arg.startsWith("-defaultPaths=")){
 					String paths = arg.replaceFirst(".*?=", "").trim();
 					if (!paths.equals("true")){
-						System.out.println("Sorry any other than the default paths are not yet supported via command-line interface!");
-						return;
+						error("Sorry any other than the default paths are not yet supported via command-line interface!");
+						System.exit(1);
 					}
 					//TODO: add a way to define custom prefix-path combinations (best: load from config and give config-file here as value)
 				}
 			}
 
-			//Create tiny reverse proxy
-			TinyReverseProxy reverseProxy = new TinyReverseProxy(host, port);
+			//Read settings
+			List<ProxyAction> actions = null;
+			KeyStore ks = null;
+			SSLContext sslContext = null;
+			try{
+				info("Loading settings from '" + SETTINGS_FILE + "' ...");
+				actions = loadSettings(SETTINGS_FILE);
+			}catch(Exception e){
+				error("Could not read '" + SETTINGS_FILE + "' file! Error: " + e.getMessage());
+				System.exit(1);
+			}
+			//Check SSL settings and keystore
+			if (ssl && (sslKeystore.isEmpty() || sslKeystorePwd.isEmpty())){
+				error("Missing SSL keystore and/or keystore password!");
+				System.exit(1);
+			}else if (ssl){
+				try{
+					ks = SSLContextBuilder.loadKeyStore(sslKeystore, sslKeystorePwd);
+				}catch (Exception e){
+					error("Could not load keystore located at: " + sslKeystore + " - check path and password!");
+					error("Error msg.: " + e.getMessage());
+					System.exit(1);
+				}
+				try{
+					sslContext = SSLContextBuilder.create(ks, null, sslKeystorePwd);
+				}catch (Exception e){
+					error("Could not create SSLContext from keystore!");
+					error("Error msg.: " + e.getMessage());
+					System.exit(1);
+				}
+			}
 
-			//Add paths - SEPIA defaults for custom-bundle:
-			reverseProxy.addPrefixPath("/sepia/assist", "http://localhost:20721");
-			reverseProxy.addPrefixPath("/sepia/teach", "http://localhost:20722");
-			reverseProxy.addPrefixPath("/sepia/chat", "http://localhost:20723");
+			//Create tiny reverse proxy
+			TinyReverseProxy reverseProxy = new TinyReverseProxy(host, port, ssl, sslContext);
+			reverseProxy.setSslHttpSupport(sslSupportHttp, (port + 1)); 		//HTTP support is done via listener on PORT+1
+
+			//Add actions
+			for (ProxyAction pa : actions){
+				if (pa.actionType.equals("redirect")){
+					reverseProxy.addPrefixPath(pa.redirectPath, pa.redirectTarget, pa.targetIsPublic);
+				}
+			}
+			/*	
+			reverseProxy.addPrefixPath("/sepia/assist", "http://localhost:20721", true);
+			*/
 
 			//Start proxy
 			reverseProxy.start();
 
 			//Note
-			System.out.println("SEPIA '" + proxy + "' reverse proxy started at: " + host + ":" + port);
+			info("\nSEPIA '" + proxy + "' reverse proxy started as: " + host + ":" + port);
+			info("Using SSL: " + ssl);
+			if (ssl){
+				info("SSL keystore: " + sslKeystore);
+				if (sslSupportHttp){
+					info("NOTE: All calls to simple HTTP are available at port: " + (port + 1));
+				}else{
+					info("NOTE: All calls to simple HTTP are deactivated when SSL is active!");
+				}
+			}
 
 			return;
 
@@ -71,11 +170,76 @@ public static void main(String[] args) throws Exception {
 	 * Command-line interface help.
 	 */
 	private static void help(){
-		System.out.println("\nUsage:");
-		System.out.println("[proxy-name] [arguments]");
-		System.out.println("\nProxies:");
-		System.out.println("tiny - args: -defaultPaths=true, -port=20726, -host=localhost");
-		System.out.println("");
+		info("\nUsage:");
+		info("[proxy-name] [arguments]");
+		info("\nProxies:");
+		info("tiny - args: -defaultPaths=true, -port=20726, -host=localhost, -ssl=true");
+		info("\nConfiguration is done via 'settings/proxy.properties' file.");
+		info("");
+	}
+	
+	/**
+	 * Class holding proxy actions loaded from settings.
+	 */
+	private static class ProxyAction {
+		String redirectPath;
+		String redirectTarget;
+		boolean targetIsPublic = false;
+		String actionType = "";
+		
+		public ProxyAction(){}
+		
+		public ProxyAction setRedirect(String path, String target, boolean isPublic){
+			this.redirectPath = path;
+			this.redirectTarget = target;
+			this.targetIsPublic = isPublic;
+			this.actionType = "redirect";
+			return this;
+		}
+	}
+	
+	/**
+	 * Load settings from properties file and return actions list.
+	 * @param configFile - path and file
+	 * @throws IOException 
+	 */
+	private static List<ProxyAction> loadSettings(String configFile) throws IOException {
+		BufferedInputStream stream=null;
+		Properties config = new Properties();
+		stream = new BufferedInputStream(new FileInputStream(configFile));
+		config.load(stream);
+		stream.close();
+		List<ProxyAction> actions = new ArrayList<>();
+		for (Object key : config.keySet()){
+			String entry = (String) key;
+			//has to be format: action_type_name, e.g. redirect_path_1
+			//has to have types: path, target, public
+			if (entry.startsWith("redirect")){
+				String[] info = entry.split("_");
+				if (info.length != 3){
+					throw new RuntimeException("Settings file has invalid format in entry: " + entry);
+				}else{
+					String name = info[2];
+					String path = config.getProperty("redirect_path_" + name);
+					String target = config.getProperty("redirect_target_" + name);
+					boolean isPublic = Boolean.parseBoolean(config.getProperty("redirect_public_" + name));
+					actions.add(new ProxyAction().setRedirect(path, target, isPublic));
+				}
+			
+			}else if (entry.equals("host") && !ignoreSettingsHost){
+				host = config.getProperty(entry);
+			}else if (entry.equals("port") && !ignoreSettingsPort){
+				port = Integer.parseInt(config.getProperty(entry));
+			
+			}else if (entry.equals("ssl_keystore")){
+				sslKeystore = config.getProperty(entry);
+			}else if (entry.equals("ssl_keystore_pwd")){
+				sslKeystorePwd = config.getProperty(entry);
+			}else if (entry.equals("ssl_support_http")){
+				sslSupportHttp = Boolean.parseBoolean(config.getProperty(entry));
+			}
+		}
+		return actions;
 	}
 
 }